Sensitive Information Exposure in Database Backup Plugin for WordPress
CVE-2024-13911

7.2HIGH

Key Information:

Vendor
WordPress
Status
Database Backup And Check Tables Automated With Scheduler 2024
Vendor
CVE Published:
1 March 2025

Summary

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is susceptible to sensitive information exposure due to inadequate access controls on the /dashboard/backup.php endpoint. Authenticated users with Administrator-level access can exploit this vulnerability to gain access to private data, including full database credentials, compromising the security of the entire WordPress installation.

Affected Version(s)

Database Backup and check Tables Automated With Scheduler 2024 * <= 2.35

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/database-backu...
https://plugins.trac.wordpress.org/browser/database-backu...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dzmitry Sviatlichny
.